Change logs for freerdp2 source package in Mantic

  • freerdp2 (2.10.0+dfsg1-1.1ubuntu1.3) mantic-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bounds read
        - debian/patches/CVE-2024-32658.patch: fix offset error in
          libfreerdp/codec/interleaved.c.
        - CVE-2024-32658
      * SECURITY UPDATE: out-of-bounds read
        - debian/patches/CVE-2024-32659.patch: fix out of bound read in
          libfreerdp/codec/color.c.
        - CVE-2024-32659
      * SECURITY UPDATE: crash via invalid huge allocation size
        - debian/patches/CVE-2024-32660.patch: allocate in segment steps in
          libfreerdp/codec/zgfx.c.
        - CVE-2024-32660
      * SECURITY UPDATE: NULL access and crash
        - debian/patches/CVE-2024-32661.patch: fix missing check in
          rdp_write_logon_info_v1 in libfreerdp/core/info.c.
        - CVE-2024-32661
    
     -- Marc Deslauriers <email address hidden>  Thu, 25 Apr 2024 07:08:28 -0400
  • freerdp2 (2.10.0+dfsg1-1.1ubuntu1.2) mantic-security; urgency=medium
    
      * SECURITY UPDATE: integer overflow in freerdp_bitmap_planar_context_reset
        - debian/patches/CVE-2024-22211.patch: check resolution for overflow in
          libfreerdp/codec/planar.c.
        - CVE-2024-22211
      * SECURITY UPDATE: out-of-bounds write and out-of-bounds read
        - debian/patches/CVE-2024-32039_41.patch: reorder check to prevent
          possible integer overflow in libfreerdp/codec/clear.c,
          libfreerdp/codec/zgfx.c.
        - CVE-2024-32039
        - CVE-2024-32041
      * SECURITY UPDATE: integer underflow in NSC codec
        - debian/patches/CVE-2024-32040.patch: abort if there are more bytes to
          be read than there are left in libfreerdp/codec/nsc.c.
        - CVE-2024-32040
      * SECURITY UPDATE: out-of-bounds read
        - debian/patches/CVE-2024-32458.patch: fix missing input length checks
          in libfreerdp/codec/planar.c.
        - CVE-2024-32458
      * SECURITY UPDATE: out-of-bounds read
        - debian/patches/CVE-2024-32459.patch: fix missing input length check
          in libfreerdp/codec/ncrush.c.
        - CVE-2024-32459
      * SECURITY UPDATE: out-of-bounds read
        - debian/patches/CVE-2024-32460.patch: add checks to
          libfreerdp/codec/include/bitmap.c, libfreerdp/codec/interleaved.c.
        - CVE-2024-32460
    
     -- Marc Deslauriers <email address hidden>  Tue, 23 Apr 2024 10:51:20 -0400
  • freerdp2 (2.10.0+dfsg1-1.1ubuntu1.1) mantic-security; urgency=medium
    
      * SECURITY UPDATE: OOB write via invalid offset validation
        - debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
          in libfreerdp/gdi/gfx.c.
        - CVE-2023-39352
      * SECURITY UPDATE: OOB read via missing offset validation
        - debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
          rect in libfreerdp/core/orders.c.
        - debian/patches/CVE-2023-39356-2.patch: fix reading order number field
          in libfreerdp/core/orders.c.
        - CVE-2023-39356
    
     -- Marc Deslauriers <email address hidden>  Mon, 27 Nov 2023 12:24:27 -0500
  • freerdp2 (2.10.0+dfsg1-1.1ubuntu1) mantic; urgency=medium
    
      * SECURITY UPDATE: integer underflow
        - debian/patches/CVE-2023-39350.patch: validates package length to prevent
          possible out of bound read
        - CVE-2023-39350
      * SECURITY UPDATE: null pointer dereference
        - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
          fail to prevent null pointer access when processing next package
        - CVE-2023-39351
      * SECURITY UPDATE: missing offset validation
        - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
          possible out of bound read
        - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
          patch
        - CVE-2023-39353
      * SECURITY UPDATE: missing input validation
        - debian/patches/CVE-2023-39354.patch: validates input length to prevent
          possible out of bound read
        - CVE-2023-39354
      * SECURITY UPDATE: integer underflow
        - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
          prevent possible out of bound read
        - CVE-2023-40181
      * SECURITY UPDATE: integer overflow
        - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
          prevent possible out of bound write
        - CVE-2023-40186
      * SECURITY UPDATE: missing input validation
        - debian/patches/ensure_integer_width.patch: ensures integer width
        - debian/patches/CVE-2023-40188.patch: validates input length to prevent
          possible out of bound read
        - CVE-2023-40188
      * SECURITY UPDATE: missing offset validation
        - debian/patches/CVE-2023-40567.patch: validates offset to prevent
          possible out of bound write
        - CVE-2023-40567
      * SECURITY UPDATE: incorrect parameter calculation
        - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
          to prevent possible out of bound write
        - CVE-2023-40569
      * SECURITY UPDATE: global buffer overflow
        - debian/patches/CVE-2023-40589.patch: fixes index checks
        - CVE-2023-40589
    
     -- Jorge Sancho Larraz <email address hidden>  Wed, 04 Oct 2023 15:07:16 +0200
  • freerdp2 (2.10.0+dfsg1-1.1) unstable; urgency=medium
    
      * Non-maintainer upload.
      * debian/patches/0001_fix_ftbfs_1041377.patch:
        - include upstream fix for FTBFS with FFmpeg 6.0
          (Closes: #1041377)
    
     -- Héctor Orón Martínez <email address hidden>  Sat, 05 Aug 2023 14:33:39 +0200
  • freerdp2 (2.10.0+dfsg1-1) unstable; urgency=medium
    
      * New upstream release.
        - Fix android build scripts, use CMake from SDK.
        - Fix connection negotiation with mstsc/msrdc.
        - [ntlm]: use rfc5929 binding hash algorithm.
        - [channels,printer] Fixed reference counting.
        - Fix uwac pixman.
        - Fix Rdp security.
        - [client,x11] Detect key autorepeat.
        - [build] add channel path to RPATH.
        - Fix build with BUILTIN_CHANNELS=OFF.
        - revert changes so that the osmajortype/osminortype is not overwritten.
        - [uwac] do not use iso C functions.
        - [winpr,sam] fix invalid NULL arguments.
        - Fix incompatible function pointer types.
        - Ignore data PDUs for DVCs that were not opened successfully.
        - [channel,urbdrc] fix type of usb hotplug callback.
        - Extended info enforce limits.
        - [core] add missing redirection fields.
      * debian/control:
        + Bump Standards-Version: to 4.6.2. No changes needed.
      * debian/copyright:
        + Update copyright attributions.
        + Update auto-generated copyright.in file.
      * debian/libfreerdp2-2.symbols:
        + Update symbols.
    
     -- Mike Gabriel <email address hidden>  Sun, 26 Feb 2023 21:59:16 +0100